I created a headless application using Drupal and Vue.js/Nuxt.js. I want anonymous users to register and Admin approves their subscription (the configuration for this is done).
I can't find a way to understand why. When I give the Access POST on User registration resource permission to anonymous users, I get a 401 Unauthorized status with the No authentication credentials provided. message using Postman or Axios. When I give the Administer users permission to anonymous users, the POST method works fine for me without the X-CSRF-Token in the header.
The anonymous users don't need any identification methods to access the registration form and send their information using /user/register?_format=hal_json. The Administer users permission will let any user display, edit, delete users using the server URL.
let userData = {
"_links": {
"type": {
"href": "http://example.com/rest/type/user/user"
}
},
"name": [{"value": "jack"}],
"mail": [{"value": "[email protected]"}],
"field_phone": [{"value": "99999999"}],
"roles": [{"target_id": "member"}],
//"pass": [{"value": "0000"}] // if required email verification (admin/config/people/accounts) not checked we send pass
};
// Post Data
this.$axios.post("http://example.com/user/register?_format=hal_json", userData, {
headers: {
"Content-type": "application/hal+json"
}
}).then(() => {
}).catch(function (res) {
});
I also tried to remove the Administer users permission from anonymous users and add the X-CSRF-Token header with a value from www.example.com/session/token, but I still get the No authentication credentials provided. message.
